Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

The flaws were reported to Intel by security researchers Mark Ermolov and Maxim Goryachy from Positive Technologies. The two researchers plan to provide full details of the Intel ME flaws in a talk on Dec. 6 at the Black Hat Europe security conference. The researchers said they found a vulnerability in a subsystem of Intel ME versions 11 and higher.

"It allows an attacker of the machine to run unsigned code in PCH (Platform Controller Hub) on any motherboard via Skylake+," the Black Hat talk abstract states. "The main system can remain functional, so the user may not even suspect that his or her computer now has malware resistant to reinstalling of the OS and updating BIOS."

Related Reading

The flaws impact Intel ME and the associated Intel Trusted Execution Engine (TXE) and Intel Server Platform Services (SPS). Those systems are all embedded firmware provided by Intel to help provide management and code integrity for running Intel-powered hardware.

"Intel Management Engine is a proprietary technology that consists of a microcontroller integrated into the Platform Controller Hub (PCH) microchip with a set of built-in peripherals," the Black Hat Europe abstract stated. "The PCH carries almost all communication between the processor and external devices; therefore Intel ME has access to almost all data on the computer, and the ability to execute third-party code allows compromising the platform completely."

The eight vulnerabilities (CVE-2017-5705, CVE-2017-5706, CVE-2017-5707, CVE-2017-5708, CVE-2017-5709, CVE-2017-5710, CVE-2017-5711 and CVE-2017-5712) include buffer overflow and privilege escalation flaws. To help impacted users detect if they are at risk from the vulnerabilities, Intel has released a detection tool.

This isn't the first time this year that Intel is patching its remote management technologies for security flaws. On May 1, Intel issued a critical security advisory for privilege escalation flaws impacting its Intel Active Management Technology (AMT), Intel Standard Manageability and Intel Small Business Technology management technologies.

Bob Rudis, chief data scientist at security firm Rapid7, said he was surprised by the timing of the new Intel ME vulnerability disclosure, given that this is a significant holiday week for much of the Fortune 5000 and beyond.

"Lenovo releasing firmware updates two weeks ago and the official Intel update today means that many organizations may have to pull folks away from vacations to triage and/or patch," Rudis told eWEEK. "Organizations that do nothing may be giving attackers free rein over their networks during the downtime."

Currently, the Intel ME vulnerabilities are not being actively exploited, but Rudis expects that to change in the coming days and weeks. He noted that Rapid7's Heisenberg Cloud honeypot sensor network has already detected researcher and non-researcher opportunistic scans for open Intel management ports on the internet.

"It is vital that organizations of all shapes and sizes identify and inventory vulnerable systems, work with their vendors on when they can expect patches, and then develop mitigation and patch strategies as soon as possible," Rudis said. "Any organization that does not have an isolated, segmented management network for Intel ME/AMT access should make designing such an environment a high priority, especially if they cannot patch quickly."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.